Last week I reported on trying to remove the "Windows Defender" virus from the computers belonging to my dad and one of my daughters. I thought I had removed it, but then it returned to my dad's computer -- as one commented suggested it might.
(The virus disables Microsoft's Defender software, preventing you from reinstalling it. It displays dialog boxes and alert balloons that look similar -- but not identical to -- Microsoft's own security warnings. Below is an image of an older version of the virus. When you agree that you want to remove the threat, it asks for $60 or so.)
The newer version of this malware uses "Vista" in the name, instead of "XP."
Image credit: 2-Viruses
Where does the virus come from? Your Web browser, and it usually downloads from an infected Web site to your computer -- without you knowing it. It is really nasty.
I was disappointed that both Microsoft (running on my dad's computer) and AVG (running on the daughter's computer) anti-virus failed to block the infection. On my dad's computer, I wiped the drive, reinstalled Vista, did the 106 Windows updates, copied over his backed-up files, and then reinstalled the apps. This took about a day.
I looked around the Interweb for other anti-virus programs that (a) were being commended and (b) would actually find the virus. I found two:
Avast - does realtime monitoring, and it found the virus lurking on the external hard drive onto which I had backed-up my dad's documents (prior to reinstalling Vista).
Malwarebytes - is a scanner, and it found several virii still on my daughter's computer.
This one has a nice touch: if it finds a virus, it reboots the computer into safe command-line mode, which is the best way to erase virii. Note that in this mode, you need to attend the computer, since the software pauses each time it finds a problem, waiting for you to respond. (This is not the fault of the program, but a reality of command-line mode.)
So I will see if these two apps are better than their better-known competitors.
Not that Mac users can be smug. The same virus is now affecting them:
Apple: How to avoid or remove Mac Defender malware — A recent phishing scam has targeted Mac users by redirecting them from legitimate websites to fake websites which tell them that their computer is infected with a virus. The user is then offered Mac Defender “anti-virus” software to solve the issue.
I wonder if this is now just the beginning of the virus onslaught for Mac users. We Linux users may remain in our smug positions.